<?php require("sessionStart.php");

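// Login handler: checks the posted credentials against USERS and, on a match,
// fills the session and records the login in USERS_STATS.
$banned = false;

// Require both fields, and require them to be plain strings: array-shaped input
// (e.g. Username[]=x) would otherwise reach stripslashes()/trim() and raise warnings.
if (isset($_POST['Username'], $_POST['Password'])
	&& is_string($_POST['Username']) && is_string($_POST['Password'])) {

	$username = mysql_fix_string($_POST['Username']);
	$password = mysql_fix_string($_POST['Password']);

	// The connection has to exist before escaping: mysql_real_escape_string()
	// works against the current ext/mysql link.
	// NOTE(review): assumes connect.php opens that default link - confirm.
	include('connect.php');

	// mysql_fix_string() only undoes magic quotes and trims; it does NOT escape.
	// Interpolating its output directly made the query injectable, so the values
	// are escaped here, immediately before they are placed inside the quotes.
	// NOTE(review): escaping is only reliable when the connection charset is set
	// with mysql_set_charset(); the durable fix is prepared statements via
	// mysqli/PDO, since ext/mysql was removed in PHP 7.
	$usernameSql = mysql_real_escape_string($username);
	$passwordSql = mysql_real_escape_string($password);

	$result = false;
	if ($usernameSql !== false && $passwordSql !== false) {
		$query = "SELECT * FROM USERS WHERE USERNAME='$usernameSql' AND PASSWORD='$passwordSql'; ";
		$result = mysql_query($query);
	}

	// mysql_query() returns false on failure; skip the fetch loop in that case
	// instead of passing false to mysql_fetch_assoc().
	if ($result !== false) {
		while ($row = mysql_fetch_assoc($result)) {
			// Byte-exact check on top of the SQL match, which follows the column's
			// collation. Strict comparison avoids PHP's numeric-string juggling
			// (with ==, "0e1" equals "0e2").
			// NOTE(review): the submitted password is matched as-is, so USERS.PASSWORD
			// appears to hold plaintext; migrate to password_hash()/password_verify().
			if ($row['PASSWORD'] === $password) {
				if ($row['BLACKMARK'] > 2 && $row['USER_TYPE'] !== 'SYSADMIN') {
					// More than two black marks bans everyone except SYSADMIN accounts.
					$banned = true;
				} else {
					// Issue a fresh session id at the privilege change so an id fixed
					// before login cannot be reused afterwards.
					session_regenerate_id(true);

					$_SESSION['Username'] = $row['NAME'];
					$_SESSION['USRID'] = $row['USRID'];

					// USRID comes from the database, but it is still escaped and quoted
					// rather than concatenated raw into the statement.
					$usridSql = mysql_real_escape_string($row['USRID']);
					$query2 = "insert into USERS_STATS (LOGIN_DATE,LOGIN_TIME,USRID)
								values (curdate(),now(),'".$usridSql."');";
					mysql_query($query2);

					$_SESSION['group'] = $row['USER_TYPE'];
				}
			}
		}
	}
	include('disconnect.php');
}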

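/**
 * Normalise a request value: undo magic-quotes escaping if it is active, then trim.
 *
 * Despite its name, this function does NOT escape anything for SQL. Its result
 * must still be escaped or bound as a parameter before it is used in a query.
 *
 * @param string $string Raw value taken from the request.
 * @return string The value without magic-quote slashes and surrounding whitespace.
 */
function mysql_fix_string($string)
{
	// get_magic_quotes_gpc() was removed in PHP 8.0; calling it unconditionally is a
	// fatal error there, so only consult it where it still exists.
	if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
		$string = stripslashes($string);
	}
	return trim($string);
}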

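// Tell a banned user why the login was refused; the message travels in the
// session and is left for the target page to read.
if ($banned) {
	$_SESSION['ErrorMessage'] = 'You have exceed 3 black marks.<br/>You are banned from the site until further notice.';
}

// Always return to the index page, then stop: a Location header alone does not
// end the script, so anything executed after it would still run.
header('Location:../index.php');
exit;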

?>
